package com.test.security.springsecuritydemo10.config;

import com.test.security.springsecuritydemo10.filter.CsrfTokenLogger;
import com.test.security.springsecuritydemo10.service.CustomCsrfTokenRepository;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfTokenRepository;

/**
 * Created with IntelliJ IDEA.
 *
 * @author： liuziyang
 * @date： 2023/1/3-22:14
 * @description：
 * @modifiedBy：
 * @version: 1.0
 */
@Configuration
public class ProjectConfig extends WebSecurityConfigurerAdapter {

  @Bean
  public CsrfTokenRepository customCsrfTokenRepository() {
    return new CustomCsrfTokenRepository();
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf(
        c -> {
          c.csrfTokenRepository(customCsrfTokenRepository());
          c.ignoringAntMatchers("/ciao", "/csrf-token");
        });
    http.addFilterAfter(new CsrfTokenLogger(), CsrfFilter.class);
    http.httpBasic().disable().authorizeRequests().anyRequest().permitAll();
  }
}
